Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restricting/removing admin routes #583

Open
Kyochi opened this issue Nov 16, 2022 · 1 comment
Open

Restricting/removing admin routes #583

Kyochi opened this issue Nov 16, 2022 · 1 comment

Comments

@Kyochi
Copy link

Kyochi commented Nov 16, 2022

Is seems impossible to remove/restrict the access to some admin routes. I think about ressource like registry.json that we don't want everyone to access.
In that case we must desactivate the Admin interface instead of just restricting the access to some "ENV" related ressources even if the admin interface would be useful for users.

Correct me if I'm wrong but it's not possible at the moment.
@cacoco
Copy link
Contributor

cacoco commented Apr 25, 2023
edited
Loading

@Kyochi you can always drop in an authentication filter for your chosen authentication (or something smarter that disallowed the request to reach certain routes based on your notion of "env") or even directly challenge in the route handler itself?

I believe there are some examples in the wild which have integrated Okta into admin routes as well. Filtering admin routes is akin to filtering normal controller routes and should be described in the User Guide (https://twitter.github.io/finatra/user-guide/http/controllers.html#admin-paths).

Hope that helps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cacoco @Kyochi